What Would Joe Do?
Peggy Aycinena
Peggy Aycinena is a freelance journalist and Editor of EDA Confidential at www.aycinena.com. She can be reached at peggy at aycinena dot com.

Functional Safety: ISO, IEC, my Dishwasher, your Car

July 26th, 2017 by Peggy Aycinena


In a great moment of situational irony, I was at my laptop intensely researching details of ISO 26262 in preparation for writing a blog about a recent conversation with OneSpin’s Dave Kelf when there was a shout from the kitchen: “The dishwasher’s smoking!”

I jumped up and ran to the kitchen. “It’s just steam,” I mocked, and opened the dishwasher door to prove my point. Lots of steam.

When I re-closed the door, however, the dishwasher did not start back up. The buttons atop the door wouldn’t take any input commands. Reaching under the sink, I unplugged the dishwasher and plugged it back in. Rebooted, the dishwasher now accepted the Start command, and I returned to my study to work further on ISO 26262.

“It’s still smoking!” someone yelled from the kitchen.

Again I jumped up and ran to the kitchen, jerked open the dishwasher door and yep, it was indeed burning, internally.

Rancid smoke was coming up out of the vent holes at the top of the door, just adjacent to the cycle-select buttons. Reaching under the sink one more time, I quickly unplugged the dishwasher and then went to get a screwdriver.

Disassembling the interior panel of the door of the dishwasher, it was easy to spot the problem. The entire black box/electronic control complex housed inside the door-casing was smoking. One side of it had developed an enormous blister of mushy, hot plastic and on the other side, an array of 8-10 wires were embedded in a sticky hot goo of melted wire-wrap insulation.

What??

With the kitchen reeking of atomized plastic, I searched through the cupboards for the GE Profile Dishwasher User Manual. My particular unit was manufactured in 2003 and installed in 2004, and had up until now given us no grief whatsoever.

Now however, the gummy hot mess that used to be the electronic control box was stinky, probably toxic, and definitely terrifying: What would have happened if someone hadn’t spotted the smoke? What if no one had been home?

Back at the laptop, I typed in “GE Dishwasher Recalls” and found to my disbelief that my exact unit had been under recall since way back in 2010.

Per the website:

  • Hazard: Water condensation can drip onto the electronic control board, causing a short-circuit and resulting in an overheated connector. This poses a fire hazard to consumers.
  • Remedy: Repair
  • Recall date: October 26, 2010

What?? We never got any notice of a recall.

Have we been living on borrowed time for more than 7 years? Where were the Functional Safety Standards for Home Appliances when this dishwasher was first designed?


*****************

Back to ISO 26262

Under the hood of your car today, there’s a hunka hunka hunka of [hopefully not burning] semiconductors, packaging, discrete components, motherboards, wiring, oil, fuel, friction, and miscellaneous debris – all living cheek-to-jowl with some pretty wicked temperatures.

What are the auto manufacturers supposed to do to guarantee this witch’s brew of flammability [that you belt yourself into every single day] will stay cool, calm and collected, month after month, year after year, no matter how extreme the conditions under the hood?

Well, the auto manufacturers are trying to design and produce cars that are as safe as possible, and protect themselves from some future liability at the same time – and ISO 26262 is among the important guidelines they’re using to help navigate that effort.

But as I’ve learned in my hours of online research, mastering ISO 26262 is not easy.

First you need to study a boatload of vocabulary referenced in the standard – everything from specific definitions for fault and error, to those for hazardous event and safety goal.

Then you’ve also got to wrestle with concepts like Safety Life Cycle, Risk Management, and Automotive Safety Integrity Level, otherwise known as ASIL.

You’ll also need to be familiar with IEC 61508 – “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems” – and understand how this standard is the progenitor of ISO 26262.

Which means you need to know how the IEC is different from the ISO, how the International Electrotechnical Commission differs from the International Organization for Standardization.

The IEC, for instance, traces its roots back 100+ years, counts 82 countries as members, with another 82 countries as associates, is based in Geneva, and oversees upwards of 7000 standards.

While the ISO has been around for 70 years, is also headquartered in Switzerland, counts 162 countries as members, and oversees 21,500+ standards.

Meanwhile, and apropos to my dishwasher, both the IEC and the ISO do have standards relevant to dishwasher design, which combined with new-ish installation standards included in the NEC – National Electric Code – should make things like house fires caused by dishwashers a far less likely scenario.

But dishwashers are small potatoes [unless they’re igniting a fire in my house, of course].

The real issue here is your car and what kinds of functional safety standards are being followed in designing and manufacturing your ‘system on wheels’ so neither rain nor sleet nor user error nor car crash can cause a system failure – can cause your car to go ‘dishwasher’ on you, no matter the amount of mechanical damage, while you’re diligently going from home to work, or from home to Big Box store to buy a replacement dishwasher.

The people who make cars do not want – and cannot afford – for your car to suddenly start smoking, melting, or bursting into flame just because a little water or oil or fuel dribbled through the wrong hole somewhere under the hood and short-circuited one or more of the thousands of electrical connections that live there.

And there’s so much more: You’re going to be surrendering your autonomy and life over to your vehicle, just as soon as the car guys can get those ADAS systems perfected, guaranteed, and in line with the functional safety standards.

The moral of my story: Take pity on the people in companies large and small who are wrestling with the massive safety commandments codified into ISO 26262, IEC 61508, and a host of other standards which are believed to be critical for developing safe cars.

These people have got a lot to do, and your life depends on how successfully they do it – now and going forward.


*****************

What is Functional Safety?

[These from Texas Instruments’ Karl Greb and Anthony Seely presenting at ARMtechcon]

IEC 61508 Definition

* Safety is the freedom from unacceptable risk of physical injury, or of damage to the health of people, either directly, or indirectly as a result of damage to property or to the environment.

* Functional Safety is part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.

ISO 26262 Definition:

* Functional Safety is the absence of unacceptable risk due to hazards caused by malfunctioning behavior of electrical and/or electronic systems.


*****************

Classifying Disaster …

[From Wikipedia regarding ISO 26262]

Severity Classifications (S):

S0 No Injuries
S1 Light to moderate injuries
S2 Severe to life-threatening (survival probable) injuries
S3 Life-threatening (survival uncertain) to fatal injuries

Exposure Classifications (E):
(the relative expected frequency of the operational conditions in which the injury can possibly happen)

E0 Incredibly unlikely
E1 Very low probability (injury could happen only in rare operating conditions)
E2 Low probability
E3 Medium probability
E4 High probability (injury could happen under most operating conditions)

Controllability Classifications (C):
(the relative likelihood that the driver can act to prevent the injury)

C0 Controllable in general
C1 Simply controllable
C2 Normally controllable (most drivers could act to prevent injury)
C3 Difficult to control, or uncontrollable
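In ISO 26262-3 these three scales are combined into the ASIL mentioned earlier (QM, or A through D) for each hazardous event. The following is an added example, not from the original post: it encodes the classes listed above and the standard's S/E/C risk-graph table (which is in ISO 26262-3, not on this page) as a small Python function; the sample hazardous events are constructed for illustration only.

```python
"""ASIL determination from ISO 26262 Severity / Exposure / Controllability classes."""

# The three scales exactly as listed above (ISO 26262-3, via Wikipedia).
SEVERITY = {0: "No injuries", 1: "Light to moderate injuries",
            2: "Severe to life-threatening (survival probable)",
            3: "Life-threatening (survival uncertain) to fatal"}
EXPOSURE = {0: "Incredibly unlikely", 1: "Very low probability",
            2: "Low probability", 3: "Medium probability",
            4: "High probability"}
CONTROLLABILITY = {0: "Controllable in general", 1: "Simply controllable",
                   2: "Normally controllable",
                   3: "Difficult to control, or uncontrollable"}

# ISO 26262-3 risk graph for S1..S3 x E1..E4 x C1..C3 (36 cells).
# The table is regular: the ASIL depends only on the sum s + e + c,
# with sums of 6 or less mapping to QM (quality management, no ASIL).
_ASIL_BY_SUM = {7: "A", 8: "B", 9: "C", 10: "D"}


def asil(s: int, e: int, c: int) -> str:
    """Return the ASIL ("QM", "A", "B", "C" or "D") for one hazardous event."""
    if s not in SEVERITY or e not in EXPOSURE or c not in CONTROLLABILITY:
        raise ValueError(f"class out of range: S{s} E{e} C{c}")
    if 0 in (s, e, c):
        return "QM"  # S0, E0 or C0: no ASIL is assigned
    return _ASIL_BY_SUM.get(s + e + c, "QM")


def risk_graph() -> dict:
    """Full S1-S3 x E1-E4 x C1-C3 table, keyed by (s, e, c), for review."""
    return {(s, e, c): asil(s, e, c)
            for s in (1, 2, 3) for e in (1, 2, 3, 4) for c in (1, 2, 3)}


if __name__ == "__main__":
    # Constructed hazardous events (illustrative classifications, not from any standard).
    events = [("unintended full braking at highway speed", 3, 4, 3),
              ("control-board short, smoke while parked", 2, 2, 1),
              ("infotainment display freeze", 0, 4, 1)]
    for name, s, e, c in events:
        print(f"{name}: S{s} E{e} C{c} -> ASIL {asil(s, e, c)}")
```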


*****************

Lest you ever trust your dishwasher again …

  • Safety must be considered from the beginning,
  • and Non-tolerable risks must be reduced,
  • but Zero risk can never be reached.

*****************


One Response to “Functional Safety: ISO, IEC, my Dishwasher, your Car”

  1. Bob Smith says:

    Very thought-provoking article. Safety and security are getting so complex as we trust our daily life and experiences to electronic systems. Great outlook for verification and related technologies. No shortage of need for improvement and better solutions.

Internet Business Systems © 2017 Internet Business Systems, Inc.